CSCI 530 Lab

Packet Sniffing
Scenarios

- You are a network administrator. You suspect that some of the employees are not working and instead spending all their time at www.espn.com
  - Could filter at the firewall for this address
  - But you want to see what sites they are accessing, without their knowledge
- You are a hacker. You have compromised a system. You are unable to gain access to other systems on the network. You want to get some usernames and passwords to access these systems.
- Solution – Packet Sniffer

Packet Sniffer

- A tool that captures, interprets, and stores network packets for analysis
- Works at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at Network Layer (Layer 3)
  - Normal network traffic is based on the destination IP address
  - Your network card will throw away any packets that are not intended for that card
  - In “Promiscuous Mode”, your network card will take all the packets on the network, regardless of the destination IP address.

Packet Sniffer Limitations

- Sniffers are limited by the network topology
  - Cannot extend beyond normal network boundaries
  - Cannot look past a router, switch, hub, etc.
  - However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranets

Examples of Packet Sniffers

- Ethernet Sniffers
  - Wireshark (formerly known as Ethereal)
    - You will be using this tool in the lab
  - DSniff
  - TCPDump
- Wireless Sniffers
  - Airopeek
- Bluetooth Sniffers
  - BlueSweep
  - BlueScanner

Defending against Sniffers

- Change your network topology
  - Part of your lab research – find out which topology and/or device is most protective against sniffers
- Encryption
  - SSH
  - IPSec
- Detect sniffers
  - Antisniff – from the l0pht group
  - Snort
    - Normally for intrusion detection, but will also attempt to detect a host working in promiscuous mode
Lab Assignment

- Handout has been posted
- DEN Students:
  - This lab can be done on a home machine (I advise against doing it at work).
  - The DEN lab will be set up next week. You will receive an e-mail with your login by next week.
  - Lab assignment is DUE on 9/25/06 by 11:59:59 PM FOR DEN STUDENTS ONLY
- All other students, this lab is to be done during next week’s (9/18) lab section and is due before the following week’s (9/25) lab section

Lab Assignment Continued

- Submission guidelines
  - E-mail the answers to the questions at the end of the handout by the due date. Attach as a text file, .doc, or .pdf
  - Submit to YOUR LAB T.A. ONLY
  - Subject line must say:
    CSCI 530 Lab 3 <section day & time>
    Where <section day & time> are replaced with your day & time
  - Example:
    CSCI 530 Lab 3 Friday 12:30
- We do not send confirmation e-mails. If you request a read receipt or a return receipt, we will say yes and you will get a confirmation.